SQUID: Configure the Squid proxy server.

Presentation

The Squid proxy server is mainly used as a gateway between users and the Internet, providing the following functions:

cache user requests to the Internet: if two users access the same website, only the first request triggers the load of static objects; the second user gets them from the disk cache managed by Squid (a gain in speed and bandwidth),

restrict access to the Internet: ACLs (Access Control Lists) can be defined to restrict the IP addresses allowed to go through the proxy,

log user requests to the Internet: Squid log files can record all requests going through it.

Although this is not the purpose of this tutorial, Squid can also be used as a content accelerator. In this case, it is located in front of a webserver to speed up all requests for static objects. This is the reverse proxy role.

By default the Squid proxy listens on TCP port 3128 and uses two network interfaces: one connected to the local network (here eth0) and one connected to the outside world (here eth1).

This means that all the users needing access to the Internet will have to set up their browser configuration to point to the Squid IP address and the 3128 port (various ways exist to do that automatically but it’s not the purpose of this tutorial).

The default gateway of the Squid proxy should point to the Internet.

Installation procedure

Install the Squid package:

# yum install -y squid

Edit the /etc/squid/squid.conf file and uncomment the line starting with the #cache_dir string:

cache_dir ufs /var/spool/squid 100 16 256

Note: ufs is the Squid storage type, /var/spool/squid is the directory where the cache will be stored, 100 is the cache size (here 100 MB), and 16 and 256 are respectively the numbers of first-level and second-level subdirectories to create. Normally, only the 100 value needs to be adjusted to the size allocated to the cache.

Then, in the same file, search for the INSERT YOUR OWN RULE string. Paste the following lines without forgetting to replace the X.Y.Z.0/N string with your local network addressing:

acl MyNetwork src X.Y.Z.0/N
http_access allow MyNetwork
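
Added example (not from the original tutorial or the Squid project): Squid reads http_access lines top to bottom and stops at the first match, so the two lines above only take effect if they sit before the closing "http_access deny all" rule of the default file. The Python code below models that evaluation for src ACLs only; the 192.168.1.0/24 network, both sample configurations and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the tutorial's two lines (with an example network in
# place of X.Y.Z.0/N) above a closing "http_access deny all" (assumed).
GOOD_CONF = """\
acl MyNetwork src 192.168.1.0/24
http_access allow MyNetwork
http_access deny all
"""
# Constructed sample: same lines pasted below the closing deny rule.
MISPLACED_CONF = """\
http_access deny all
acl MyNetwork src 192.168.1.0/24
http_access allow MyNetwork
"""

def parse(conf):
    """Return ({acl name: [networks]}, [(action, [acl names])]) in file order."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]}
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, ip):
    """Evaluate one ACL reference; a leading '!' negates it."""
    negate, name = name.startswith("!"), name.lstrip("!")
    return any(ip in net for net in acls[name]) != negate

def decision(conf, client_ip):
    """Return 'allow' or 'deny' for a source address; first match wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    # Only src ACLs are modelled: skip rules that name any other ACL type.
    rules = [r for r in rules if all(n.lstrip("!") in acls for n in r[1])]
    for action, names in rules:
        if all(matches(acls, n, ip) for n in names):  # names on a line are ANDed
            return action
    # No match: Squid applies the opposite of the last rule; deny if none exist.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("misplaced", MISPLACED_CONF)):
        for addr in ("192.168.1.50", "203.0.113.7"):
            print(label, addr, decision(conf, addr))
```

With the misplaced configuration even a client inside MyNetwork is denied, because "deny all" matches first.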

Optionally, still in the same file, use the visible_hostname directive to define the full name of the Squid server (useful in error messages):

visible_hostname squid.example.com

Optionally, to change the port on which the Squid proxy listens, modify the parameter of the http_port directive:

http_port 8080

Note: An additional change to the firewall configuration will be needed to allow access to the 8080 port.
